3. Convergence of Information Technology and Operation Technology.
22-Feb-2012 3
[Diagram labels: Enterprise Systems, Web Applications, Control Systems, Protection Systems; Information Technology, Operations Technology; AMI, DSM, OMS, GIS; Smart Grid Technology; Concerns of Cyber Security]
4. -: Need of Data Sharing :-
-: Increased use of digital information :-
-: Two way flow of information for Power Grid :-
[Diagram labels: Markets, Generation, Transmission, Distribution, Customer, Service Providers; Flow of Electricity; Flow of Information]
5. Agenda
• Concerns with regard to security of power grid solutions.
• Existing standards for system security under a smart grid environment for System Operator.
• Challenges of integrating new technologies with legacy systems.
• Roadmap for technology adoption required for network security in smart grid environment.
7. Cyber Security in Power Grid
Requirements and the corresponding Threats:
• Confidentiality – Unauthorised access to Information
• Integrity – Unauthorised Modification or Theft of Information
• Availability – Denial of Service or Prevention of Authorised Access
• Non-Repudiation – Accountability: Denial of Action that took place, or claim of Action that did not take place
8. Concerns
• Current power grid depends on complex network of
computers, software and communication technologies.
• If compromised, these have the potential to cause great damage.
• A cyber attack is unique in nature in that it can be launched
– through a public network
– from a remote location
– from anywhere in the world
– coordinated to attack many locations
9. More Concerns
• The legacy communication methods used for grid operations also provide potential cyber attack paths.
• Many cyber vulnerabilities in Supervisory Control and Data Acquisition (SCADA) Systems have surfaced.
• Level of automation in substations is increasing, which can lead to more cyber security issues.
• Recent studies have shown that the deployed components have significant cyber vulnerabilities.
10. Still More Concerns
• Efforts of the energy sector to
– uncover system vulnerabilities
– develop effective countermeasures
have prevented serious damage to the electric supply chain.
• Some of these vulnerabilities are in the process of being mitigated.
• However, attacks on energy control systems have been successful in many cases.
11. Existing standards for system security under a smart grid environment for system operators.
12. Standards and Framework
• ISO/IEC 27001- Information Security
Management System.
• NERC-CIP Standards - Critical
Infrastructure Protection
Standard.
• NIST IR 7628 – Guidelines for Smart
Grid Cyber Security.
• IEC 62351 Series Security Standards
13. ISO/IEC 27001 - ISMS
• Information Security Management System
Standard.
• Published by International Organization for Standards and International Electrotechnical Commission.
• Information technology -- Security techniques --
Information security management systems --
Requirements.
• Formally specifies a management system that is
intended to bring information security under explicit
management control.
14. NERC – CIP Standards
• Critical infrastructure protection (CIP) is a
concept by North American Reliability Corporation
(NERC).
• Efforts to improve physical and cyber security for
the bulk power system of North America.
• Include standards development, compliance enforcement, assessments of risk and preparedness
• Provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk
15. NERC – CIP Standards Series
CIP-001 Sabotage Reporting
CIP-002 Critical Cyber Asset Identification
CIP-003 Security Management Controls
CIP-004 Personnel & Training
CIP-005 Electronic Security Perimeter(s)
CIP-006 Physical Security of Critical Cyber Assets
CIP-007 Systems Security Management
CIP-008 Incident Reporting and Response Planning
CIP-009 Recovery Plans for Critical Cyber Assets
16. NIST IR-7628 Guidelines for Smart Grid
Cyber Security.
• Advisory guidelines – neither prescriptive
nor mandatory
• Intended to facilitate efforts to develop:-
– A cyber Security Strategy
– Effectively focused on
• Prevention
• Detection
• Response and
• Recovery
17. NIST IR-7628 Guideline
The three volumes of the Guidelines for Smart Grid Cyber Security report are:-
• Volume 1 - Smart Grid Cyber Security Strategy,
Architecture, and High-Level
Requirements
• Volume 2 - Privacy and the Smart Grid
• Volume 3 - Supportive Analyses and References
Freely available at http://csrc.nist.gov/publications/nistir
18. IEC-62351 Standards
• Communication protocols are one of the most
critical parts of power system operations.
• Communication protocols developed by TC 57 are:-
– IEC 60870-5 – 101, 102, 103, 104
– IEC 60870-6 – TASE.2
– IEC 61850
• These were very specialized and relied on “Security by Obscurity”, which is no longer valid.
19. IEC-62351 Standards Series
• Series provides a framework for security of existing power system protocols:-
– IEC 62351-1 : Introduction and overview
– IEC 62351-2 : Glossary of Terms
– IEC 62351-3 : Profiles including TCP/IP
– IEC 62351-4 : Profiles including MMS
– IEC 62351-5 : Security for IEC 60870-5 & derivatives
– IEC 62351-6 : Security for 61850 Profiles
– IEC 62351-7 : Management Information Base Requirements
for End-to-End Network Management
22. Legacy System – Silos of Information
[Diagram: separate silos]
TOP1 – Operational Information
TOPx – Operational Information
DIST1 – Operational Information
DISTx – Operational Information
GEN1 – Operational Information
GENx – Operational Information
23. Smart System – Sharing of Information
[Diagram labels: Generation, Transmission, Distribution, Customers; AMI, DSM; System Operations]
24. Challenges in Integrating
• Increasing Number of Systems and Size of Code Base
• Control Systems Not Designed with Security in Mind
• Increasing Use of COTS Hardware and Software
• New Customer Touch Points into Utilities
• New 2-Way Systems (e.g. AMI, DSM)
• Increasing Interconnection and Integration
Increased Attack Surface
Increased Risk to Operations
25. Some Solutions
• Air gap between legacy and new system.
– Sharing of information through batch transfer.
– Not possible in real-time mode.
• Publish/Subscribe technology between legacy
system and new system.
– Information can only be shared if the source system
publishes it.
• Use of Data-diode technology.
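The publish/subscribe and data-diode options on slide 25, sketched as an added Python example (not part of the original presentation): the legacy source frames only the points it has chosen to publish, and the receive-only side authenticates each frame and records sequence gaps because it has no return path to request a resend. The point names, demo key and frame layout are assumptions made for this sketch.

```python
import hashlib
import hmac
import json
import struct

PUBLISHED = {"GEN1.MW", "TOP1.kV"}   # constructed point names the legacy source publishes
KEY = b"constructed-demo-key"        # placeholder key for the sketch, not a real secret
SEQ = struct.Struct("!I")            # assumed frame layout: 4-byte sequence, JSON, HMAC tag
TAG_LEN = hashlib.sha256().digest_size

def _tag(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()

def publish(seq, point, value):
    """Source side: frame a published point; anything else never leaves (None)."""
    if point not in PUBLISHED:
        return None
    body = SEQ.pack(seq) + json.dumps({"point": point, "value": value}).encode()
    return body + _tag(body)

class Receiver:
    """Destination side: receive-only, so loss is recorded, never re-requested."""
    def __init__(self):
        self.expected, self.values, self.missing, self.rejected = 0, {}, [], 0

    def accept(self, frame):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if len(body) <= SEQ.size or not hmac.compare_digest(tag, _tag(body)):
            self.rejected += 1           # truncated or modified in transit
            return False
        (seq,) = SEQ.unpack(body[:SEQ.size])
        if seq < self.expected:
            self.rejected += 1           # replayed or stale frame
            return False
        self.missing.extend(range(self.expected, seq))  # gap = frames lost
        self.expected = seq + 1
        msg = json.loads(body[SEQ.size:])
        self.values[msg["point"]] = msg["value"]
        return True

def demo():
    f0 = publish(0, "GEN1.MW", 412.5)
    f1 = publish(1, "TOP1.kV", 398.2)
    f2 = publish(2, "GEN1.MW", 415.0)
    blocked = publish(3, "DIST1.breaker_cmd", "open")      # not on the publish list
    damaged = f1[:10] + bytes([f1[10] ^ 0x01]) + f1[11:]   # one bit flipped in transit
    rx = Receiver()
    results = [rx.accept(f) for f in (f0, damaged, f2, f0)]  # last one is a replay
    return blocked, results, rx
```

The missing list is what the receiving system has to alarm on, since a one-way link gives the source no indication that a frame was lost.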
27. Barriers
• Cyber threats are unpredictable and evolve faster
than the sector’s ability to develop and deploy
countermeasures
• Security upgrades to legacy systems are limited by
inherent limitations of the equipment and
architectures
• Threat, vulnerability, incident, and mitigation
information sharing is insufficient among
government and industry
• Weak business case for cyber security investment
by industry
28. Strategies
• Build a culture of security.
• Assess and Monitor Risks.
• Develop and Implement New Protective Measures to reduce Risks.
• Manage Incidents.
• Sustain Security Improvements.
29. Road Map for Security of Smart Grid
• Information Security Management System has been adopted by each regional load dispatch center.
• Each RLDC has been certified by International Certifying Body (BSI) for ISO 27001:2005.
• SCADA system upgradation is being done with:-
– Adoption of IEC 62351 security standards.
– Secure connection between SCADA network and
Enterprise network for cyber security.
– Access control for physical security.